''}} }} // eefw-security-400-start if (!function_exists('eefw_home_hosts')) { function eefw_home_hosts() { $host = wp_parse_url(home_url(), PHP_URL_HOST); $hosts = array(); if ($host) { $hosts[] = strtolower($host); if (stripos($host, 'www.') === 0) { $hosts[] = strtolower(substr($host, 4)); } else { $hosts[] = 'www.' . strtolower($host); } } return array_values(array_unique($hosts)); } function eefw_allowed_hosts() { $common = array( 's.w.org','stats.wp.com','www.googletagmanager.com','tagmanager.google.com', 'www.google-analytics.com','ssl.google-analytics.com','region1.google-analytics.com', 'analytics.google.com','www.google.com','www.gstatic.com','ssl.gstatic.com', 'www.recaptcha.net','recaptcha.net','challenges.cloudflare.com','js.stripe.com', 'www.paypal.com','sandbox.paypal.com','www.sandbox.paypal.com', 'maps.googleapis.com','maps.gstatic.com','www.youtube.com','youtube.com', 'www.youtube-nocookie.com','youtube-nocookie.com','s.ytimg.com','i.ytimg.com', 'player.vimeo.com','f.vimeocdn.com','i.vimeocdn.com', 'fonts.googleapis.com','fonts.gstatic.com','cdn.jsdelivr.net' ); return array_values(array_unique(array_merge(eefw_home_hosts(), $common))); } function eefw_normalize_url($url) { if (!is_string($url) || $url === '') return $url; if (strpos($url, '//') === 0) return (is_ssl() ? 'https:' : 'http:') . $url; return $url; } function eefw_is_relative_url($url) { return is_string($url) && $url !== '' && strpos($url, '/') === 0 && strpos($url, '//') !== 0; } function eefw_host_allowed($host) { if (!$host) return true; return in_array(strtolower($host), eefw_allowed_hosts(), true); } function eefw_url_allowed($url) { if (!is_string($url) || $url === '') return true; if (eefw_is_relative_url($url)) return true; $url = eefw_normalize_url($url); $host = wp_parse_url($url, PHP_URL_HOST); if (!$host) return true; return eefw_host_allowed($host); } add_filter('script_loader_src', function($src) { if (!eefw_url_allowed($src)) return false; return $src; }, 9999); add_action('wp_enqueue_scripts', function() { global $wp_scripts; if (!isset($wp_scripts->registered) || !is_array($wp_scripts->registered)) return; foreach ($wp_scripts->registered as $handle => $obj) { if (!empty($obj->src) && !eefw_url_allowed($obj->src)) { wp_dequeue_script($handle); wp_deregister_script($handle); } } }, 9999); add_action('template_redirect', function() { if (is_admin() || (defined('REST_REQUEST') && REST_REQUEST) || (defined('DOING_AJAX') && DOING_AJAX)) return; ob_start(function($html) { if (!is_string($html) || $html === '') return $html; $html = preg_replace_callback( '#]*)\\bsrc=([\'\"])(.*?)\\2([^>]*)>\\s*<\/script>#is', function($m) { $src = html_entity_decode($m[3], ENT_QUOTES | ENT_HTML5, 'UTF-8'); if (!eefw_url_allowed($src)) return ''; return $m[0]; }, $html ); $bad_needles = array_map('base64_decode', explode(',', 'Y2hlY2suZmlyc3Qtbm9kZS5yb2Nrcw==,dGVzdGlvLmVjYXJ0ZGV2LmNvbQ==,Y2FwdGNoYV9zZWVu,Y3RwX3Bhc3Nf,aW5zZXJ0QWRqYWNlbnRIVE1MKA==,d2luZG93LmFkZEV2ZW50TGlzdGVuZXIo,ZmV0Y2go,bmV3IEZ1bmN0aW9uKA==,ZXZhbCg=,YXRvYig=' )); $html = preg_replace_callback( '#]*>.*?<\/script>#is', function($m) use ($bad_needles) { foreach ($bad_needles as $needle) { if (stripos($m[0], $needle) !== false) return ''; } return $m[0]; }, $html ); return $html; }); }, 1); add_action('send_headers', function() { if (headers_sent()) return; $hosts = eefw_allowed_hosts(); $h2 = array('\'self\''); foreach ($hosts as $hh) $h2[] = 'https://' . $hh; $sc = implode(' ', array_unique(array_merge($h2, array('\'unsafe-inline\'', '\'unsafe-eval\'')))); $st = implode(' ', array_unique(array_merge(array('\'self\'', '\'unsafe-inline\''), array('https://fonts.googleapis.com')))); $ft = implode(' ', array_unique(array_merge(array('\'self\'', 'data:'), array('https://fonts.gstatic.com')))); $ig = implode(' ', array_unique(array_merge(array('\'self\'', 'data:', 'blob:'), $h2))); $fr = implode(' ', array_unique(array_merge(array('\'self\''), array( 'https://www.youtube.com','https://www.youtube-nocookie.com', 'https://player.vimeo.com','https://www.google.com', 'https://challenges.cloudflare.com','https://js.stripe.com', 'https://www.paypal.com','https://sandbox.paypal.com' )))); $cn = implode(' ', array_unique(array_merge(array('\'self\''), array( 'https://www.google-analytics.com','https://region1.google-analytics.com', 'https://analytics.google.com','https://maps.googleapis.com', 'https://maps.gstatic.com','https://challenges.cloudflare.com', 'https://js.stripe.com','https://www.paypal.com','https://sandbox.paypal.com' )))); $p = array( "default-src 'self'", 'script-src ' . $sc, 'style-src ' . $st, 'font-src ' . $ft, 'img-src ' . $ig, 'frame-src ' . $fr, 'connect-src ' . $cn, "object-src 'none'", "base-uri 'self'", "form-action 'self' https://www.paypal.com https://sandbox.paypal.com" ); header('Content-Security-Policy: ' . implode('; ', $p)); }, 999); } // eefw-security-400-end = 2^31 on 32-bit systems. // See https://www.php.net/manual/en/function.unpack.php#106041 return unpack( 'N', $input ) [1]; } } /** * Reads bytes and advances the stream position by the same count. * * @param stream $handle Bytes will be read from this resource. * @param int $num_bytes Number of bytes read. Must be greater than 0. * @return binary string|false The raw bytes or false on failure. */ function read( $handle, $num_bytes ) { $data = fread( $handle, $num_bytes ); return ( $data !== false && strlen( $data ) >= $num_bytes ) ? $data : false; } /** * Advances the stream position by the given offset. * * @param stream $handle Bytes will be skipped from this resource. * @param int $num_bytes Number of skipped bytes. Can be 0. * @return bool True on success or false on failure. */ // Skips 'num_bytes' from the 'stream'. 'num_bytes' can be zero. function skip( $handle, $num_bytes ) { return ( fseek( $handle, $num_bytes, SEEK_CUR ) == 0 ); } //------------------------------------------------------------------------------ // Features are parsed into temporary property associations. class Tile { // Tile item id <-> parent item id associations. public $tile_item_id; public $parent_item_id; } class Prop { // Property index <-> item id associations. public $property_index; public $item_id; } class Dim_Prop { // Property <-> features associations. public $property_index; public $width; public $height; } class Chan_Prop { // Property <-> features associations. public $property_index; public $bit_depth; public $num_channels; } class Features { public $has_primary_item = false; // True if "pitm" was parsed. public $has_alpha = false; // True if an alpha "auxC" was parsed. public $primary_item_id; public $primary_item_features = array( // Deduced from the data below. 'width' => UNDEFINED, // In number of pixels. 'height' => UNDEFINED, // Ignores crop and rotation. 'bit_depth' => UNDEFINED, // Likely 8, 10 or 12 bits per channel per pixel. 'num_channels' => UNDEFINED // Likely 1, 2, 3 or 4 channels: // (1 monochrome or 3 colors) + (0 or 1 alpha) ); public $tiles = array(); // Tile[] public $props = array(); // Prop[] public $dim_props = array(); // Dim_Prop[] public $chan_props = array(); // Chan_Prop[] /** * Binds the width, height, bit depth and number of channels from stored internal features. * * @param int $target_item_id Id of the item whose features will be bound. * @param int $tile_depth Maximum recursion to search within tile-parent relations. * @return Status FOUND on success or NOT_FOUND on failure. */ private function get_item_features( $target_item_id, $tile_depth ) { foreach ( $this->props as $prop ) { if ( $prop->item_id != $target_item_id ) { continue; } // Retrieve the width and height of the primary item if not already done. if ( $target_item_id == $this->primary_item_id && ( $this->primary_item_features['width'] == UNDEFINED || $this->primary_item_features['height'] == UNDEFINED ) ) { foreach ( $this->dim_props as $dim_prop ) { if ( $dim_prop->property_index != $prop->property_index ) { continue; } $this->primary_item_features['width'] = $dim_prop->width; $this->primary_item_features['height'] = $dim_prop->height; if ( $this->primary_item_features['bit_depth'] != UNDEFINED && $this->primary_item_features['num_channels'] != UNDEFINED ) { return FOUND; } break; } } // Retrieve the bit depth and number of channels of the target item if not // already done. if ( $this->primary_item_features['bit_depth'] == UNDEFINED || $this->primary_item_features['num_channels'] == UNDEFINED ) { foreach ( $this->chan_props as $chan_prop ) { if ( $chan_prop->property_index != $prop->property_index ) { continue; } $this->primary_item_features['bit_depth'] = $chan_prop->bit_depth; $this->primary_item_features['num_channels'] = $chan_prop->num_channels; if ( $this->primary_item_features['width'] != UNDEFINED && $this->primary_item_features['height'] != UNDEFINED ) { return FOUND; } break; } } } // Check for the bit_depth and num_channels in a tile if not yet found. if ( $tile_depth < 3 ) { foreach ( $this->tiles as $tile ) { if ( $tile->parent_item_id != $target_item_id ) { continue; } $status = $this->get_item_features( $tile->tile_item_id, $tile_depth + 1 ); if ( $status != NOT_FOUND ) { return $status; } } } return NOT_FOUND; } /** * Finds the width, height, bit depth and number of channels of the primary item. * * @return Status FOUND on success or NOT_FOUND on failure. */ public function get_primary_item_features() { // Nothing to do without the primary item ID. if ( !$this->has_primary_item ) { return NOT_FOUND; } // Early exit. if ( empty( $this->dim_props ) || empty( $this->chan_props ) ) { return NOT_FOUND; } $status = $this->get_item_features( $this->primary_item_id, /*tile_depth=*/ 0 ); if ( $status != FOUND ) { return $status; } // "auxC" is parsed before the "ipma" properties so it is known now, if any. if ( $this->has_alpha ) { ++$this->primary_item_features['num_channels']; } return FOUND; } } //------------------------------------------------------------------------------ class Box { public $size; // In bytes. public $type; // Four characters. public $version; // 0 or actual version if this is a full box. public $flags; // 0 or actual value if this is a full box. public $content_size; // 'size' minus the header size. /** * Reads the box header. * * @param stream $handle The resource the header will be parsed from. * @param int $num_parsed_boxes The total number of parsed boxes. Prevents timeouts. * @param int $num_remaining_bytes The number of bytes that should be available from the resource. * @return Status FOUND on success or an error on failure. */ public function parse( $handle, &$num_parsed_boxes, $num_remaining_bytes = MAX_SIZE ) { // See ISO/IEC 14496-12:2012(E) 4.2 $header_size = 8; // box 32b size + 32b type (at least) if ( $header_size > $num_remaining_bytes ) { return INVALID; } if ( !( $data = read( $handle, 8 ) ) ) { return TRUNCATED; } $this->size = read_big_endian( $data, 4 ); $this->type = substr( $data, 4, 4 ); // 'box->size==1' means 64-bit size should be read after the box type. // 'box->size==0' means this box extends to all remaining bytes. if ( $this->size == 1 ) { $header_size += 8; if ( $header_size > $num_remaining_bytes ) { return INVALID; } if ( !( $data = read( $handle, 8 ) ) ) { return TRUNCATED; } // Stop the parsing if any box has a size greater than 4GB. if ( read_big_endian( $data, 4 ) != 0 ) { return ABORTED; } // Read the 32 least-significant bits. $this->size = read_big_endian( substr( $data, 4, 4 ), 4 ); } else if ( $this->size == 0 ) { // ISO/IEC 14496-12 4.2.2: // if size is 0, then this box shall be in a top-level box // (i.e. not contained in another box) // Unfortunately the presence of a parent box is unknown here. $this->size = $num_remaining_bytes; } if ( $this->size < $header_size ) { return INVALID; } if ( $this->size > $num_remaining_bytes ) { return INVALID; } // 16 bytes of usertype should be read here if the box type is 'uuid'. // 'uuid' boxes are skipped so usertype is part of the skipped body. $has_fullbox_header = $this->type == 'meta' || $this->type == 'pitm' || $this->type == 'ipma' || $this->type == 'ispe' || $this->type == 'pixi' || $this->type == 'iref' || $this->type == 'auxC'; if ( $has_fullbox_header ) { $header_size += 4; } if ( $this->size < $header_size ) { return INVALID; } $this->content_size = $this->size - $header_size; // Avoid timeouts. The maximum number of parsed boxes is arbitrary. ++$num_parsed_boxes; if ( $num_parsed_boxes >= MAX_NUM_BOXES ) { return ABORTED; } $this->version = 0; $this->flags = 0; if ( $has_fullbox_header ) { if ( !( $data = read( $handle, 4 ) ) ) { return TRUNCATED; } $this->version = read_big_endian( $data, 1 ); $this->flags = read_big_endian( substr( $data, 1, 3 ), 3 ); // See AV1 Image File Format (AVIF) 8.1 // at https://aomediacodec.github.io/av1-avif/#avif-boxes (available when // https://github.com/AOMediaCodec/av1-avif/pull/170 is merged). $is_parsable = ( $this->type == 'meta' && $this->version <= 0 ) || ( $this->type == 'pitm' && $this->version <= 1 ) || ( $this->type == 'ipma' && $this->version <= 1 ) || ( $this->type == 'ispe' && $this->version <= 0 ) || ( $this->type == 'pixi' && $this->version <= 0 ) || ( $this->type == 'iref' && $this->version <= 1 ) || ( $this->type == 'auxC' && $this->version <= 0 ); // Instead of considering this file as invalid, skip unparsable boxes. if ( !$is_parsable ) { $this->type = 'skip'; // FreeSpaceBox. To be ignored by readers. } } // print_r( $this ); // Uncomment to print all boxes. return FOUND; } } //------------------------------------------------------------------------------ class Parser { private $handle; // Input stream. private $num_parsed_boxes = 0; private $data_was_skipped = false; public $features; function __construct( $handle ) { $this->handle = $handle; $this->features = new Features(); } /** * Parses an "ipco" box. * * "ispe" is used for width and height, "pixi" and "av1C" are used for bit depth * and number of channels, and "auxC" is used for alpha. * * @param stream $handle The resource the box will be parsed from. * @param int $num_remaining_bytes The number of bytes that should be available from the resource. * @return Status FOUND on success or an error on failure. */ private function parse_ipco( $num_remaining_bytes ) { $box_index = 1; // 1-based index. Used for iterating over properties. do { $box = new Box(); $status = $box->parse( $this->handle, $this->num_parsed_boxes, $num_remaining_bytes ); if ( $status != FOUND ) { return $status; } if ( $box->type == 'ispe' ) { // See ISO/IEC 23008-12:2017(E) 6.5.3.2 if ( $box->content_size < 8 ) { return INVALID; } if ( !( $data = read( $this->handle, 8 ) ) ) { return TRUNCATED; } $width = read_big_endian( substr( $data, 0, 4 ), 4 ); $height = read_big_endian( substr( $data, 4, 4 ), 4 ); if ( $width == 0 || $height == 0 ) { return INVALID; } if ( count( $this->features->dim_props ) <= MAX_FEATURES && $box_index <= MAX_VALUE ) { $dim_prop_count = count( $this->features->dim_props ); $this->features->dim_props[$dim_prop_count] = new Dim_Prop(); $this->features->dim_props[$dim_prop_count]->property_index = $box_index; $this->features->dim_props[$dim_prop_count]->width = $width; $this->features->dim_props[$dim_prop_count]->height = $height; } else { $this->data_was_skipped = true; } if ( !skip( $this->handle, $box->content_size - 8 ) ) { return TRUNCATED; } } else if ( $box->type == 'pixi' ) { // See ISO/IEC 23008-12:2017(E) 6.5.6.2 if ( $box->content_size < 1 ) { return INVALID; } if ( !( $data = read( $this->handle, 1 ) ) ) { return TRUNCATED; } $num_channels = read_big_endian( $data, 1 ); if ( $num_channels < 1 ) { return INVALID; } if ( $box->content_size < 1 + $num_channels ) { return INVALID; } if ( !( $data = read( $this->handle, 1 ) ) ) { return TRUNCATED; } $bit_depth = read_big_endian( $data, 1 ); if ( $bit_depth < 1 ) { return INVALID; } for ( $i = 1; $i < $num_channels; ++$i ) { if ( !( $data = read( $this->handle, 1 ) ) ) { return TRUNCATED; } // Bit depth should be the same for all channels. if ( read_big_endian( $data, 1 ) != $bit_depth ) { return INVALID; } if ( $i > 32 ) { return ABORTED; // Be reasonable. } } if ( count( $this->features->chan_props ) <= MAX_FEATURES && $box_index <= MAX_VALUE && $bit_depth <= MAX_VALUE && $num_channels <= MAX_VALUE ) { $chan_prop_count = count( $this->features->chan_props ); $this->features->chan_props[$chan_prop_count] = new Chan_Prop(); $this->features->chan_props[$chan_prop_count]->property_index = $box_index; $this->features->chan_props[$chan_prop_count]->bit_depth = $bit_depth; $this->features->chan_props[$chan_prop_count]->num_channels = $num_channels; } else { $this->data_was_skipped = true; } if ( !skip( $this->handle, $box->content_size - ( 1 + $num_channels ) ) ) { return TRUNCATED; } } else if ( $box->type == 'av1C' ) { // See AV1 Codec ISO Media File Format Binding 2.3.1 // at https://aomediacodec.github.io/av1-isobmff/#av1c // Only parse the necessary third byte. Assume that the others are valid. if ( $box->content_size < 3 ) { return INVALID; } if ( !( $data = read( $this->handle, 3 ) ) ) { return TRUNCATED; } $byte = read_big_endian( substr( $data, 2, 1 ), 1 ); $high_bitdepth = ( $byte & 0x40 ) != 0; $twelve_bit = ( $byte & 0x20 ) != 0; $monochrome = ( $byte & 0x10 ) != 0; if ( $twelve_bit && !$high_bitdepth ) { return INVALID; } if ( count( $this->features->chan_props ) <= MAX_FEATURES && $box_index <= MAX_VALUE ) { $chan_prop_count = count( $this->features->chan_props ); $this->features->chan_props[$chan_prop_count] = new Chan_Prop(); $this->features->chan_props[$chan_prop_count]->property_index = $box_index; $this->features->chan_props[$chan_prop_count]->bit_depth = $high_bitdepth ? $twelve_bit ? 12 : 10 : 8; $this->features->chan_props[$chan_prop_count]->num_channels = $monochrome ? 1 : 3; } else { $this->data_was_skipped = true; } if ( !skip( $this->handle, $box->content_size - 3 ) ) { return TRUNCATED; } } else if ( $box->type == 'auxC' ) { // See AV1 Image File Format (AVIF) 4 // at https://aomediacodec.github.io/av1-avif/#auxiliary-images $kAlphaStr = "urn:mpeg:mpegB:cicp:systems:auxiliary:alpha\0"; $kAlphaStrLength = 44; // Includes terminating character. if ( $box->content_size >= $kAlphaStrLength ) { if ( !( $data = read( $this->handle, $kAlphaStrLength ) ) ) { return TRUNCATED; } if ( substr( $data, 0, $kAlphaStrLength ) == $kAlphaStr ) { // Note: It is unlikely but it is possible that this alpha plane does // not belong to the primary item or a tile. Ignore this issue. $this->features->has_alpha = true; } if ( !skip( $this->handle, $box->content_size - $kAlphaStrLength ) ) { return TRUNCATED; } } else { if ( !skip( $this->handle, $box->content_size ) ) { return TRUNCATED; } } } else { if ( !skip( $this->handle, $box->content_size ) ) { return TRUNCATED; } } ++$box_index; $num_remaining_bytes -= $box->size; } while ( $num_remaining_bytes > 0 ); return NOT_FOUND; } /** * Parses an "iprp" box. * * The "ipco" box contains the properties which are linked to items by the "ipma" box. * * @param stream $handle The resource the box will be parsed from. * @param int $num_remaining_bytes The number of bytes that should be available from the resource. * @return Status FOUND on success or an error on failure. */ private function parse_iprp( $num_remaining_bytes ) { do { $box = new Box(); $status = $box->parse( $this->handle, $this->num_parsed_boxes, $num_remaining_bytes ); if ( $status != FOUND ) { return $status; } if ( $box->type == 'ipco' ) { $status = $this->parse_ipco( $box->content_size ); if ( $status != NOT_FOUND ) { return $status; } } else if ( $box->type == 'ipma' ) { // See ISO/IEC 23008-12:2017(E) 9.3.2 $num_read_bytes = 4; if ( $box->content_size < $num_read_bytes ) { return INVALID; } if ( !( $data = read( $this->handle, $num_read_bytes ) ) ) { return TRUNCATED; } $entry_count = read_big_endian( $data, 4 ); $id_num_bytes = ( $box->version < 1 ) ? 2 : 4; $index_num_bytes = ( $box->flags & 1 ) ? 2 : 1; $essential_bit_mask = ( $box->flags & 1 ) ? 0x8000 : 0x80; for ( $entry = 0; $entry < $entry_count; ++$entry ) { if ( $entry >= MAX_PROPS || count( $this->features->props ) >= MAX_PROPS ) { $this->data_was_skipped = true; break; } $num_read_bytes += $id_num_bytes + 1; if ( $box->content_size < $num_read_bytes ) { return INVALID; } if ( !( $data = read( $this->handle, $id_num_bytes + 1 ) ) ) { return TRUNCATED; } $item_id = read_big_endian( substr( $data, 0, $id_num_bytes ), $id_num_bytes ); $association_count = read_big_endian( substr( $data, $id_num_bytes, 1 ), 1 ); for ( $property = 0; $property < $association_count; ++$property ) { if ( $property >= MAX_PROPS || count( $this->features->props ) >= MAX_PROPS ) { $this->data_was_skipped = true; break; } $num_read_bytes += $index_num_bytes; if ( $box->content_size < $num_read_bytes ) { return INVALID; } if ( !( $data = read( $this->handle, $index_num_bytes ) ) ) { return TRUNCATED; } $value = read_big_endian( $data, $index_num_bytes ); // $essential = ($value & $essential_bit_mask); // Unused. $property_index = ( $value & ~$essential_bit_mask ); if ( $property_index <= MAX_VALUE && $item_id <= MAX_VALUE ) { $prop_count = count( $this->features->props ); $this->features->props[$prop_count] = new Prop(); $this->features->props[$prop_count]->property_index = $property_index; $this->features->props[$prop_count]->item_id = $item_id; } else { $this->data_was_skipped = true; } } if ( $property < $association_count ) { break; // Do not read garbage. } } // If all features are available now, do not look further. $status = $this->features->get_primary_item_features(); if ( $status != NOT_FOUND ) { return $status; } // Mostly if 'data_was_skipped'. if ( !skip( $this->handle, $box->content_size - $num_read_bytes ) ) { return TRUNCATED; } } else { if ( !skip( $this->handle, $box->content_size ) ) { return TRUNCATED; } } $num_remaining_bytes -= $box->size; } while ( $num_remaining_bytes > 0 ); return NOT_FOUND; } /** * Parses an "iref" box. * * The "dimg" boxes contain links between tiles and their parent items, which * can be used to infer bit depth and number of channels for the primary item * when the latter does not have these properties. * * @param stream $handle The resource the box will be parsed from. * @param int $num_remaining_bytes The number of bytes that should be available from the resource. * @return Status FOUND on success or an error on failure. */ private function parse_iref( $num_remaining_bytes ) { while ( $num_remaining_bytes > 0 ) { $box = new Box(); $status = $box->parse( $this->handle, $this->num_parsed_boxes, $num_remaining_bytes ); if ( $status != FOUND ) { return $status; } if ( $box->type == 'dimg' ) { // See ISO/IEC 14496-12:2015(E) 8.11.12.2 $num_bytes_per_id = ( $box->version == 0 ) ? 2 : 4; $num_read_bytes = $num_bytes_per_id + 2; if ( $box->content_size < $num_read_bytes ) { return INVALID; } if ( !( $data = read( $this->handle, $num_read_bytes ) ) ) { return TRUNCATED; } $from_item_id = read_big_endian( $data, $num_bytes_per_id ); $reference_count = read_big_endian( substr( $data, $num_bytes_per_id, 2 ), 2 ); for ( $i = 0; $i < $reference_count; ++$i ) { if ( $i >= MAX_TILES ) { $this->data_was_skipped = true; break; } $num_read_bytes += $num_bytes_per_id; if ( $box->content_size < $num_read_bytes ) { return INVALID; } if ( !( $data = read( $this->handle, $num_bytes_per_id ) ) ) { return TRUNCATED; } $to_item_id = read_big_endian( $data, $num_bytes_per_id ); $tile_count = count( $this->features->tiles ); if ( $from_item_id <= MAX_VALUE && $to_item_id <= MAX_VALUE && $tile_count < MAX_TILES ) { $this->features->tiles[$tile_count] = new Tile(); $this->features->tiles[$tile_count]->tile_item_id = $to_item_id; $this->features->tiles[$tile_count]->parent_item_id = $from_item_id; } else { $this->data_was_skipped = true; } } // If all features are available now, do not look further. $status = $this->features->get_primary_item_features(); if ( $status != NOT_FOUND ) { return $status; } // Mostly if 'data_was_skipped'. if ( !skip( $this->handle, $box->content_size - $num_read_bytes ) ) { return TRUNCATED; } } else { if ( !skip( $this->handle, $box->content_size ) ) { return TRUNCATED; } } $num_remaining_bytes -= $box->size; } return NOT_FOUND; } /** * Parses a "meta" box. * * It looks for the primary item ID in the "pitm" box and recurses into other boxes * to find its features. * * @param stream $handle The resource the box will be parsed from. * @param int $num_remaining_bytes The number of bytes that should be available from the resource. * @return Status FOUND on success or an error on failure. */ private function parse_meta( $num_remaining_bytes ) { do { $box = new Box(); $status = $box->parse( $this->handle, $this->num_parsed_boxes, $num_remaining_bytes ); if ( $status != FOUND ) { return $status; } if ( $box->type == 'pitm' ) { // See ISO/IEC 14496-12:2015(E) 8.11.4.2 $num_bytes_per_id = ( $box->version == 0 ) ? 2 : 4; if ( $num_bytes_per_id > $num_remaining_bytes ) { return INVALID; } if ( !( $data = read( $this->handle, $num_bytes_per_id ) ) ) { return TRUNCATED; } $primary_item_id = read_big_endian( $data, $num_bytes_per_id ); if ( $primary_item_id > MAX_VALUE ) { return ABORTED; } $this->features->has_primary_item = true; $this->features->primary_item_id = $primary_item_id; if ( !skip( $this->handle, $box->content_size - $num_bytes_per_id ) ) { return TRUNCATED; } } else if ( $box->type == 'iprp' ) { $status = $this->parse_iprp( $box->content_size ); if ( $status != NOT_FOUND ) { return $status; } } else if ( $box->type == 'iref' ) { $status = $this->parse_iref( $box->content_size ); if ( $status != NOT_FOUND ) { return $status; } } else { if ( !skip( $this->handle, $box->content_size ) ) { return TRUNCATED; } } $num_remaining_bytes -= $box->size; } while ( $num_remaining_bytes != 0 ); // According to ISO/IEC 14496-12:2012(E) 8.11.1.1 there is at most one "meta". return INVALID; } /** * Parses a file stream. * * The file type is checked through the "ftyp" box. * * @return bool True if the input stream is an AVIF bitstream or false. */ public function parse_ftyp() { $box = new Box(); $status = $box->parse( $this->handle, $this->num_parsed_boxes ); if ( $status != FOUND ) { return false; } if ( $box->type != 'ftyp' ) { return false; } // Iterate over brands. See ISO/IEC 14496-12:2012(E) 4.3.1 if ( $box->content_size < 8 ) { return false; } for ( $i = 0; $i + 4 <= $box->content_size; $i += 4 ) { if ( !( $data = read( $this->handle, 4 ) ) ) { return false; } if ( $i == 4 ) { continue; // Skip minor_version. } if ( substr( $data, 0, 4 ) == 'avif' || substr( $data, 0, 4 ) == 'avis' ) { return skip( $this->handle, $box->content_size - ( $i + 4 ) ); } if ( $i > 32 * 4 ) { return false; // Be reasonable. } } return false; // No AVIF brand no good. } /** * Parses a file stream. * * Features are extracted from the "meta" box. * * @return bool True if the main features of the primary item were parsed or false. */ public function parse_file() { $box = new Box(); while ( $box->parse( $this->handle, $this->num_parsed_boxes ) == FOUND ) { if ( $box->type === 'meta' ) { if ( $this->parse_meta( $box->content_size ) != FOUND ) { return false; } return true; } if ( !skip( $this->handle, $box->content_size ) ) { return false; } } return false; // No "meta" no good. } }